The present invention relates generally to data encryption and, more particularly, to using state-based encryption for modal protection of data.
There are many applications where one desires data to be available in a useable form only after some sequence of actions has occurred. Current applications withhold the data from the user until notification that the sequence of actions is complete. However, the data, if stored on the user""s system on a computer readable medium such as a hard drive, CD-ROM, DVD-ROM, etc., is susceptible to access by the user. Even if access to the data is protected by a cryptographic key stored on the user""s system, a skilled user can obtain the key and access the data.
To overcome this problem, the prior art suggests withholding the data at a location remote from the user and sending the data over a network upon receipt of a notification that all predefined conditions have been met. In such cases, a number of problems arise in ensuring that the designated key necessary for decryption is securely communicated to the receiver. Sending large amounts of data over a network has undesirable costs in bandwidth.
Key and Encryption Technology
In a public key encryption scheme (also known as an asymmetric encryption scheme), cryptographic keys occur in pairs: one of the pair is a private key that is kept confidential, and the other of the pair is a public key that can be made available to anyone. When data is encrypted using one of the keys (either the public key or the private key), the other key must be used to decrypt the data. For example, resource A encrypts data using a private asymmetric cryptographic key belonging to A. Resource A makes the corresponding public asymmetric cryptographic key available publicly. The only key that can properly decrypt the data is the public key corresponding to the private key with which the data was encrypted. When resource B receives the data, it uses resource A""s public key to decrypt the data. If the data decrypts properly, resource B is certain that only resource A, the sole holder of the corresponding private key, could have encrypted the data. In this way, resource B knows that the data must have originated from resource A, i.e., that the data purportedly from resource A is authentic.
Further, it is not unusual for the sender and receiver to be located at a considerable distance from each other. Because of this, data sent over the network is susceptible to interception by third parties. A secure channel, such as a courier service, may be used to communicate the data. However, such channels tend to be expensive, slow, and perhaps even unsecured in instances where the trustworthiness of the courier is compromised.
What is needed is a way to maintain the data to be accessed on or with the user""s system, rather then at a distance across a channel that must be secured.
The present invention relates to state-based cryptography. More particularly, the present invention protects the confidentiality of data until some predefined condition has occurred. For example, workers, players, soldiers, etc. need to meet certain objectives, such as, a purchase requisition acquiring signatures in a workflow application, reaching a certain place in a game, or some militarily relevant objective, such as reaching a certain physical location on a military map, before learning what they are supposed to do next. While this could be done by storing the data remotely and not giving the data to the worker/player/soldier/etc. until necessary, this has undesirable costs in bandwidth.
Accordingly, a system, method and article of manufacture are provided for transition state-based cryptography in an application including at least one state with an associated state key. Such an application can be a workflow application, a game or a military application, for example. Upon reaching a state in the application, a request for access is sent via a network such as a local area network, a wide area network, wireless network, the Internet, etc., to a server. The request includes a state key associated with the state. The server attempts to validate the state key. A reply is sent from the server to the application in response to the request. The reply includes an access key if the state key is valid. This access key provides access to the next state in an application.
As an option, the request is encrypted prior to being sent. The reply can also be encrypted. In an aspect of the present invention, the request for access is for a subsequent state in the application.
In one aspect of the present invention, the application is a workflow application. The access key can allow display of a document after a prespecified criterion has been met.
In another aspect of the present invention, the application is a game, such as a single or multiplayer game. As an option, the access key allows progression to a subsequent portion of the game. In a further aspect of the present invention, the application is a military application, such as one that includes a map. The state key allows access to the portion of the map corresponding to the current, relevant portion of the military plan.
Note that our approach differs from the prior art in that the application""s state data kept locally, and only the access keys are kept remotely, whereas in previous approaches the application data is kept remotely. Our approach thus confers many advantages over the prior art, including a savings in network bandwidth. This savings is realized because it is not necessary to move potentially large quantities of application data from the server to the application across a network. Also, because in some application, no application data is being sent across a network to the server, in those applications it may not be necessary to secure the channel between the application and the server. Even if the state keys or access keys were to be intercepted by a third party, in some applications the eavesdropper would learn nothing about the application data.